toolchain: gcc: add fanalyzer config option

Add gcc config option for fanalyzer. As a result of this option, a static
analysis of the program flow is conducted, allowing interprocedural paths
to be identified and warnings to be issued if problems are identified.

Link: https://github.com/openwrt/openwrt/pull/12576
Signed-off-by: Nick Hainke <[email protected]>

diff --git a/config/Config-build.in b/config/Config-build.in
index caeae799448abb8f7886ec92db93085fbf277cb3..5eaca5a94583a3151ff152bd70fb9f879cf8ad2c 100644 (file)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -250,6 +250,15 @@ menu "Global build settings"
 
        comment "Hardening build options"
 
+       config PKG_FANALYZER
+               bool
+               prompt "Enable gcc fanalyzer"
+               default n
+               help
+                 Add -fanalyzer to the CFLAGS. As a result of this option, a static analysis
+                 of the program flow is conducted, allowing interprocedural paths to be
+                 identified and warnings to be issued if problems are identified.
+
        config PKG_CHECK_FORMAT_SECURITY
                bool
                prompt "Enable gcc format-security"

diff --git a/include/hardening.mk b/include/hardening.mk
index 1565e5aa270341550e9394d95de8be56546e2af4..c5d836eec065ee21b650b796dc8f9cf4167bccf8 100644 (file)
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -9,6 +9,7 @@ PKG_SSP ?= 1
 PKG_FORTIFY_SOURCE ?= 1
 PKG_RELRO ?= 1
 PKG_DT_RELR ?= 1
+PKG_FANALYZER ?= 0
 
 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
   ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
@@ -77,3 +78,8 @@ ifdef CONFIG_PKG_DT_RELR
   endif
 endif
 
+ifdef CONFIG_PKG_FANALYZER
+  ifeq ($(strip $(PKG_FANALYZER)),1)
+    TARGET_CFLAGS +=  -fanalyzer
+  endif
+endif